Although electronic crypto-systems are widely used, their complexity is, in a sense, their biggest weakness. Users' lack of understanding of cryptographic fundamentals represents the weakest link in the security of electronic message systems that use highly sophisticated encryption algorithms. This invention improves the cryptographic processes of identification and authentication by simplifying them, making cryptographic identification as natural to the user as recognizing the face of a speaker. By representing cryptographic identification information as a face, authenticating the source of an electronic message can be done in a way that emulates the centuries-old method of visually recognizing the person to whom you are speaking.
In the context of cryptographic electronic messaging, asymmetric cryptographic messaging systems, such as Secure Sockets Layer (SSL) [IETF RFC 6101], enable encrypted channels to be set up on the fly, without prior agreement on either cipher or key. Thus, the fundamental problem faced by users of contemporary electronic messaging applications is reliable and accurate identification of the source of communication. Cryptographically, it is possible to accurately and reliably identify the source of electronic messages, but the perceived complexity and tedium of performing this operation limits its use. Thus, certain aspects of crypto-systems are effectively considered too complicated for non-specialists, and are therefore under-used or unused by “end-users”.
The two cryptographic tools known to address the issues of identification and authentication of a remote party are Public Key Infrastructure (PKI) and key fingerprints. Contemporary users of crypto-systems are asked to compare cryptographic hashes in a machine-readable format to verify the identity of remote parties.
In the context of PGP/GPG email and Secure Shell (SSH), identity verification is done by comparing two strings in hexadecimal notation. In WWW browsers, key verification is transparent to the user; a PKI “chain-of-trust” is used to validate the identity of the remote site. This has proven problematic as third-party Certificate Authorities (CAs) are known to have issued keys arbitrarily. To address the issue of key verification in the browser, new systems such as Domain Name System Security Extensions (DNSSEC) and the Electronic Frontier Foundation's Secure Sockets Layer (SSL) Observatory have been developed and deployed.
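The hexadecimal comparison described above for SSH keys, as an added example that is not part of the original text: it derives a colon-separated hex fingerprint from an OpenSSH-format public key line and compares it with the string a user was given. The function names, the dummy key and the choice of SHA-256 rendered as hex are assumptions made for the illustration.

```python
import base64
import hashlib
import hmac
import struct

def build_sample_key_line() -> str:
    """Constructed sample: an OpenSSH-format ed25519 line with dummy key bytes."""
    algo = b"ssh-ed25519"
    raw = bytes(range(32))  # constructed placeholder, not a real key
    blob = struct.pack(">I", len(algo)) + algo + struct.pack(">I", len(raw)) + raw
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " alice@example"

def key_blob(line: str) -> bytes:
    """Decode the base64 blob and check its embedded type against the label."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    blob = base64.b64decode(fields[1], validate=True)
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != fields[0].encode():
        raise ValueError("key type label does not match blob")
    return blob

def hex_fingerprint(line: str) -> str:
    """Colon-separated hexadecimal SHA-256 digest of the key blob."""
    digest = hashlib.sha256(key_blob(line)).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def normalize(fp: str) -> str:
    """Keep only hex digits so case, colons and spaces do not matter."""
    return "".join(c for c in fp.lower() if c in "0123456789abcdef")

def fingerprints_match(expected: str, presented: str) -> bool:
    """Full-length, constant-time comparison of two hex fingerprints."""
    return hmac.compare_digest(normalize(expected), normalize(presented))

if __name__ == "__main__":
    fp = hex_fingerprint(build_sample_key_line())
    print(fp)
    print(fingerprints_match(fp, fp.upper()))
```

A single changed hex digit makes `fingerprints_match` return `False`, which is exactly the difference a person comparing two such strings by eye is likely to miss.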